test: verify security advisory write tools are registered

advancedresearcharray · cursoragent · advancedresearcharray · commit 9db77d20798d · 2026-06-09T03:47:59.000Z
Add regression coverage ensuring create, update, and CVE request tools
are registered in the security_advisories toolset with write hints.

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/pkg/github/security_advisories_write_test.go b/pkg/github/security_advisories_write_test.go
@@ -512,3 +512,22 @@ func Test_validateSeverityOrCVSS(t *testing.T) {
 		assert.Error(t, validateSeverityOrCVSS("high", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", false))
 	})
 }
+
+func TestSecurityAdvisoryWriteToolsRegistered(t *testing.T) {
+	expected := map[string]bool{
+		"create_repository_security_advisory":            false,
+		"update_repository_security_advisory":            false,
+		"request_cve_for_repository_security_advisory": false,
+	}
+
+	for _, tool := range AllTools(translations.NullTranslationHelper) {
+		if _, ok := expected[tool.Tool.Name]; ok {
+			assert.Equal(t, ToolsetMetadataSecurityAdvisories.ID, tool.Toolset.ID)
+			require.NotNil(t, tool.Tool.Annotations)
+			assert.Equal(t, expected[tool.Tool.Name], tool.Tool.Annotations.ReadOnlyHint)
+			delete(expected, tool.Tool.Name)
+		}
+	}
+
+	assert.Empty(t, expected, "missing security advisory write tools: %v", expected)
+}
